CVE-2022-31704

9.8CRITICAL

Key Information

Vendor: Vmware
Status: Vrealize Log Insight (vrli)
Vendor: CVE Published:; 26 January 2023

Summary

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.

Affected Version(s)

vRealize Log Insight (vRLI) = vRealize Log Insight 8.10.1 and prior

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 26, 2023
Vulnerability Reserved.
May 25, 2022

Collectors

NVD DatabaseMitre Database